Chapter 37 - Networking #

The Basics #

To get started, let’s just get some basic terminology down and take a look at the bigger picture:

Nodes #

These are all the points in the network. There are terminal nodes and intermediate nodes.

Terminal nodes are things like your phone, laptop, desktop, and other user-facing devices, as well as servers, like would be used for hosting games or websites.

Intermediate nodes, are things that are internal to the network: Things like modems, hubs, switches, routers, etc.

Links are the interconnects between two nodes. Generally these fall into two categories: Guided and Unguided

Guided Links are those that only connect a few nodes (usually only two) and are typically physical, hard-wire links, often copper or fiber optic.

Unguided Links are those that propagate to multiple devices, usually though the air, like WiFi.

Not all Links can support the same bandwidth or throughput. In general, Coaxial is worse than Twisted Pair which is in turn worse than fiber.


Applications #

These are the things that you want to do: Talk to someone via voice, text, or video; browse the web; download files; etc.

It can also refer to the specific program used to do these things, so like Chrome as your web browser or Zoom for video calling.

an API (Wikipedia) or ‘Application Programming Interface’ is what defines how two programs talk to each other. This doesn’t have to be over the network, but often is.

End Systems - Hosts/Server & Clients #

Not everything fits the host/server and client terminology, but generally the host/server is the one that is sending data, and the client is the one receiving. Or, another way to look at it, the client is the one making requests and the host/server the one fulfilling them.

Peer to Peer #

In a Peer-to-Peer (P2P) network, the idea of server and client break down a little, as typically all of the users (peers) are helping to share the content around. The most obvious example is torrenting.

Packets #

While we could just send a continual stream of data down a wire, that has a lot of issues. For one, it makes it hard to share the wire with multiple people. Of course you could split the wire so each person gets a split amount of time on the wire (Time Division Multiplexing (TDM)) or, if the wire can carry a range of frequencies give each user a small portion of those (Frequency Division Multiplexing (FDM), which limits the throughput similarly), but both of these sorta suck as they assume a user will always be using their provided channel. Instead, we do a sort of Time Division, but by packet-izing everything. Basically, each stream of data you want to send get’s broken up into manageable chunks called packets, and then these packets can be sent though the network. Now, if someone isn’t using the network, it’s free for others.

It’s worth noting, these packets typically have a header which carries some information about it, like what version of a protocol is being used, where it should go, and who it is from. Here, for example, is the full packet layout of an IPv4 packet, with the header being in the first 20 bytes.

Routers and Switches #

Heads up! This is a bit confusing, as the consumer “WiFi routers” you can buy typically have both a router and switch in them internally, as well as act as a WiFi access point - all, technically, three different roles.

Alright, so what are these routers and switches?

Routers #

A router is the device that can

  1. Determine where data should go by use of a routing table.

    Note: This includes differentiating between other, local machines and going out to the Internet

  2. Do Network Address Translation (NAT) (see NAT traversal (Wikipedia))

    Note: This is how networks can have a bunch of internal IPv4 IPs (usually all be served by one external ip. This isn’t necessary for IPv6, where each device can have its own external IP.

    … and, technically, you could have enough IPv4 addresses to not need NAT too, but that would be very expensive

    … also, sometimes you’ll be behind two NAT’s because of CGNAT (Wikipedia)

  3. Deal with congestion (if to much data is being sent to the router, how should it be handled?)

    … the answer is often just drop packets though.
  4. Provide Quality-Of-Service (QoS) to prioritize certain applications

  5. Act as a Dynamic Host Configuration Protocol (DHCP) server to assign ip addresses to devices

Switches #

A switch lets you connect multiple devices together, but does so a bit intelligently as the switch itself figures out what destination port an incoming packet should go to. In a typical setup the switch will have one “upper level” connection going up the network (so, in a home network, to the router that goes to the internet) and many connected devices (potentially including other switches). Except for in some weird scenarios, a connection between two devices connected to the same switch will only need to pass through the switch, not go to the router and back.

Often, switches will have one or two high bandwidth ports (10Gbe, for example) along side many slower ports under the assumption that a server or the internet will be handling most requests. Sometimes, these ports may look different than the others, as they may be for SFP modules instead of the typical RJ-45 jacks seen with most ethernet cables.

[TODO] Managed vs Unmanaged

[TODO] store and forward - buffering vs cutthrough

Note, there are also Ethernet Hubs, the key difference being the lack of a forwarding table, and (mostly) just blindly merge data: “It has multiple input/output (I/O) ports, in which a signal introduced at the input of any port appears at the output of every port except the original incoming.”(Wikipedia) (see IEEE 802.3)

Packet Loss #

Sometimes packets in the network don’t reach their destination. This can be for a variety of reasons. Maybe a switch along the line was overloaded and it’s buffer was full, maybe it took a bad route, maybe you have crappy wifi. ╮(─▽─)╭. It happens. Usually the percent of dropped packets is called your packet loss.

Bandwidth, Throughput, & Latency #

One thing a lot of people confuse is bandwidth and throughput. The two are related, but they’re not the same.

Throughput is how many bits of useful information you’re actually getting out per second. This is the number you probably actually want. Bandwidth (quite literally how much of a frequency range you’re using) is how much information the the connection can theoretically pass.

The easiest example of the difference here is a bad WiFi connection. You might have a good amount of bandwidth if you’re using a nice silce of spectrum up near 5GHz, but if you’re far away from the transmitter, near a running microwave, and your neighbor is using the same specturm for their Wi-Fi, you’ll obviously have a lower throughput.

As a brief digression, there’s also the idea of bit/s and baud. The difference is bits is the true number of 1’s and 0’s you’re recieving while baud is the number of symbols your’re recieving. For example, say you define ■=00, ◀=01, ◇=10, ◉=11. if you send one symbol a second, that’s still only 1 baud, but it’s 2 bits per second. Of course, in reality, it’s not like we can just keep packing more bits into a given symbol to get faster rates. Typically, the trade off between how many bits are in a symbol and the rate you can transmit symbols works out to make things pretty even. Typically if you see baud it’s talking about serial communication, but it’s still usually actually provided in bits/second… so, it’s confusing. Regardless, bit/s = baud rate * number of bits per symbol

You should note that while you’re internet provider may sell you 1000Mbit/s you probably won’t actually be able to connect to very many severs at that speed, as they simply can’t serve everyone at those rates. In my experiance, the only servers I’ve seen handle very fast connections are YouTube for uploads and Steam for downloads.

Finally, with any connection you’ll also have to deal with latency. In networking, this is typically called “ping time”, which is simply how long it takes for a round trip - hence the more formal RTT for Round Trip Time. This time will varry depending on the distance from you to the target server/device and how many devices are between. A good sanity check is to ping a local device such as your router with ping (typically) where the result should be well under 1ms. Following this, you can try to ping a few websites, like ping for example. For, I get ~12ms, and for I get ~130ms. Note that some websites may not respond to ping.

Later I’ll show you traceroute and derivative software (mtr, visual traceroute, etc.) that will help you see why a particular path may have a high latency.


Local Area Network and Wide Area Network- on most home connections your LAN is the network in your house while the WAN is the internet at large, so the WAN port on your router is where you connect the cable from your Internet Service Provider (ISP)

Note WAN doesn’t have to be the internet. It can really just be any network that’s broader than the LAN, that usually has multiple smaller, LANs attached.

Protocol #

Usually a network is dependent on a stack of protocols. Each protocol is just a standard for the way too things communicate. As we keep going you’ll see more about IP (Internet Protocol), TCP (Transmission Control Protocol), among many others.

Most protocols are determined by standardization bodies such as the Internet Engineering Task Force (IETF) or IEEE Standards Association (IEEE-SA)

Standards and Governance: IEEE, IETF, ICANN, W3C, …? #

I’m going to be throwing a lot of acronyms in here. Don’t try to look up each now- I’ll cover them as we go.

Okay, yeah, so, you’ll see these acronyms - among others - a lot. These can be a bit overwhelming, but the gist is there’s a fair amount of bureaucracy in how communications standards are defined.

Generally the IEEE (Institute of Electrical and Electronics Engineers) standards are more on the hardware and signaling side of things, so you’ll mostly see these in the physical layer, such as IEEE 802.11 for Wi-Fi

Meanwhile, the IETF (Internet Engineering Task Force) often publishes technical documents as RFCs (Request for Comments) such as the ASCII standard, DNS, UTF-8, SMTP, SSH, POP, NTP, NFS, Kerberos, IRC, IPv4, IPv6, among many, many others. These each have a designated RFC number, and often multiple, such as the many associated with DNS. There’s also the IRTF (Internet Research Task Force) which “focuses on longer term research issues related to the Internet while the parallel organization, the IETF”. The IRTF is made up of 14 research groups ranging from cryptography to quantum computing and even human rights.

The IANA (Internet Assigned Numbers Authority), a sub group of ICANN (Internet Corporation for Assigned Names and Numbers) assigns blocks of IP addresses, runs the root DNS servers, and runs the main time zone database. There are regional organizations (RIR - Regional Internet registry) that the IANA delegates responsibilities to. These are the American Registry for Internet Numbers (ARIN), Réseaux IP Européens Network Coordination Centre (RIPE NCC), Asia-Pacific Network Information Centre (APNIC), African Network Information Center (AFRINIC), and Latin America and Caribbean Network Information Centre (LACNIC).

Then there’s the W3C (World Wide Web Consortium) which is probably most notable for defining the standards for HTML, CSS, SVG, WebAssembly, and, more recently, ActivityPub. Of note, the W3C has faced backlash recently for adding DRM-specific Encrypted Media Extensions (EME) to HTML5, a move that really really pissed of the EFF…

Speaking of, the EFF (Electronic Frontier Foundation) is a bit of an odd-one-out on this list, but is effectively to the internet what the ACLU is to the broader public. They regularly provide legal council to high profile cases regarding online rights and digital privacy. They’ve regularly stood up for the right to encrypt your shit, are anti-DRM, and are basically all-around the good guys. Seriously, please donate to them or buy some of their actually awesome merch

Finally, getting pretty tangential, you’ll also probably see a fair amount of stuff from the DEFCON computer security conference influence the web at large - I’ll talk more about that in the Security chapter though.

A typical network #

So that we have some context through this chapter, lets look at what happens when you visit (assuming you have a normal network)

  1. You’ve already connected to your home network. Let’s make some assumptions about your setup:

    • This is over twisted pair wire, just to keep things simple for now. (Not using Wi-Fi)

    • Let’s also assume IPv4, since IPv6 still isn’t used everywhere.

    • Your router, at, has used DHCP to assign your device a local ip address of

    • Your router is connected to the internet on it’s WAN port, probably though a modem of some sort that takes care of the “translation” to whatever analog signaling carries your data to your ISP. If you’re in a city, this is probably a fiber connection, so the modem translates the electrical signals in twisted pair cable to light to go down a fiber line.

  2. You enter the URL (Uniform Resource Locator) into your browser’s address bar and press enter

    • is a normal URL that doesn’t contain emoji or anything weird, so the look up is pretty directly.
    • If you entered, the [TODO] checks to see if https:// is available and redirects you.
  3. Your browser attempts to look up this domain name to turn it into an IP address using DNS

    • Having been to the website recently, your computer has cached the DNS request
    • Having not been to the website recently (or ever before) your computer has to ask a DNS Server where to go
      • This is done over UDP, using a source port over 1023, to connect to a DNS server running on port 53
      • If the DNS request is not cached by your router, this will need to go out to a DNS caching sever ran by your ISP or even higher, and that requires Network Address Translation - more about this in step 4.
  4. Your computer tries to find a vaild way to get to this address with ARP (Address Resolution Protocol)

    • This is also cached, so if it’s been done recently, it doesn’t need to be done again
    • The route table is looked up, to see if the Target IP address is on any of the subnets on the local route table.
      • This isn’t a local IP so nope
    • Your “Router” probably has an internal switch, probably with some other devices wired in, so:
      • The switch will check its local CAM/MAC table to see which connection has the MAC address we are looking for. If the switch has no entry for the MAC address it will rebroadcast the ARP request to all other ports.
        • Assuming this is the switch built into the router, one of the MAC addresses will be the MAC address of the the router - so this is used: the switch sends the ARP request to the connection that has the correct MAC address. Note, that this connection is internal, but acts the same as having a separate real-router and real-switch (not the combo unit) wired together.
  5. Being an https, website, your browser requests your operating system to open a socket on port 443

    • This request is first passed to the Transport Layer where a TCP segment is crafted. The destination port is added to the header, and a source port is chosen at random from within the kernel’s dynamic port range (ip_local_port_range in Linux).
    • This segment is sent to the Network Layer, which wraps an additional IPv4 header. The IPv4 address of the destination server as well as that of the current machine is inserted to form a packet.
    • The packet next arrives at the Link Layer. A frame header is added that includes the MAC address of the machine’s Network Interface Card (NIC) as well as the MAC address of the gateway (your home router). If the kernel does not know the MAC address of the gateway, it must broadcast an ARP query to find it.
  6. The connection from (your computer) to [OpGuide’s IP] requires network address translation.

    • Your computer sees the path for this as needing to use your home router

    • When the router ( gets the TCP SYN out, it records the destination ip, source port, and destination port triplet and uses that to route the incoming responses back to your computer

  7. and starts a TCP connection(s) to start pulling each file - all the HTML, CSS, images, JavaScript, etc.

    • The Browser’s cache still has some of this content from a previous visit, and assumes this content is still valid
    • The TCP connection goes though the SYN, ACK, SEQ, FIN process as is typical - more about this later
    • In reality, a lot of TCP connections are made simultaneously.

Note, we’re assuming all of the data is being sent over Ethernet. which means at any point any data is moving from one computer/switch/router to another, all of the complexity of ethernet’s packetiziation applies too. The TCP packets of the main connection and UDP packets of the DNS request are all wrapped up in these Ethernet data packets (frames), which include the MAC destination, MAC Source, and some error checking.

This means it’s a sort of nesting doll of protocols, where the Ethernet frame holds the IP packet, which holds the UDP or TCP segment, which finally holds the data in question.

  1. Being an https, The browser does a TLS handshake to encrypt the transfer.

    • This looks at the certificate of the website - for OpGuides this is issued by Let’s Encrypt. Click the lock icon next to the URL in the address bar to see it.

    • The certificate is checked to be valid both in that it hasn’t expired and that the certificate is issued by a source the browser has trusted

      openssl s_client -showcerts -connect→Authorities, then look in chrome://settings/certificates and see that “Internet Security Research Group” is trusted.

  2. Browser starts rendering content from all the files

    • If you play a YouTube video or load a twitter embed, etc. - that content is established via a new connection, which repeats all of these steps.


IP addresses, Ports, Default Gateway, Routes & kernel routing table, subnet mask -, ping, traceroute (mtr/lft), dns - resolv.conf, pihole, caching / squid, localhosts, port forwards, DHCP, private nets, firewalls, chromecast port thing, https vs no s, rsync,scp,samba, cups, databases , pihole, BGP, RIP, OSFI, multi-zone wifi, single ap multi freq wifi, enterprise security, secured ethernet,

Parallel, Pipelined, Persistance and Performance

The OSI Model #

The OSI model of networking is the model of networking most classes will cover. It is slightly different from the one used by the internet, which is the TCP/IP model, but it’s a bit more regularly used when talking about networking, so it’s the one I’ll cover here. Note, the big difference is really just that In the TCP/IP model, the Physical and Data Link Layers are viewed as a unified ‘Network Acces Layer, the Network Layer is called the Internet Layer, The Transport Layer stays the same, and the and The Session, Presentation, and Application layer are all part of a larger Application Layer.

Seriously though, don’t think about this to much. It usually doesn’t matter and the OSI Model is fine.

1 - The physical Layer #

The series of tubes, wireless media, etc. that you shove your information into

We’ve already talked about Routers, Switches, Hubs, Nodes, and Links - all of these are part of the physical layer. Let’s look at some of the details though:

Ethernet #

Over Coax, fiber , twisted pair(+ CAT_ ratings), wet string

+ Sneakernet, Infiniband, Multigig

Wi-Fi, Wi-Gig, … #

Wi-Fi is a part of the IEEE 802.11 standard and normally uses 2.4GHz and 5GHz. However, there are varients that use 60Ghz (WiGig, CMMW) and sub 1Ghz (Wi-Fi HaLow, White-Fi).

Generally, the high frequency will have worse coverage but higher data throughput. Each frequency range is split up into multiple channels. It is generally good practice to not be on the same channel as your neighbor.

Generation Name / IEEE Standard Year Frequency Range** Max Rate Note
Wi-Fi 6E (802.11ax) 2020 2.401-2.495+5.030-5.990+“6Ghz”(5.925-7.125Ghz) 9608 Mbit/s the “E” is to denote this extra spectrum
Wi-Fi 6 (802.11ax) 2019 2.401-2.495+5.030-5.990GHz 9608 Mbit/s dramatic under-the-hood changes: notably OFDMA, more spatioal streams, and uplink MU-MIMO
Wi-Fi 5 (802.11ac) 2014 5.030-5.990GHz 6933 Mbit/s Allows for wider channels, MU-MIMO, Beamforming
Wi-Fi 4* (802.11n) 2008 2.401-2.495+5.030-5.990GHz 600 Mbit/s Adds basic MIMO, Spatial Division Multiplexing added, frame aggregation, and possibility for 40Mhz channels
Wi-Fi 3* (802.11g) 2003 2.401-2.495GHz 54 Mbit/s Basically a speed bump from Wi-Fi 2. Runs slower if there are any Wifi 1 devices on the network.
Wi-Fi 2* (802.11a) 1999 5.030-5.990GHz 54 Mbit/s Basically just defines the addition of the 5GHz band
Wi-Fi 1* (802.11b) 1999 2.401-2.495GHz 11 Mbit/s Yes, b is worse than a, but was short lived- you’ll mostly see b/g/n support on low end devices.
Wi-Fi 0* (802.11) 1997 2.401-2.495GHz 2 Mbit/s Initial spec, Extremely rare
* Wi-Fi 0-4 are unoffical names
** Frequencies/Channels may be limited by region: see List of WLAN Channels
Generation Name / IEEE Standard Year Frequency Range** Max Rate**** Note
(802.11y-2008) 2008 3.65-3.7Ghz ??? A spectrum licenseing shit storm, can run at higher power
(802.11j) 2004 5Ghz only ??? Mostly Japanese. Might(?) be used in the US by Law Enforcment?
WiMax (802.16) 2005
2-11Ghz ~40 Mbit/s normally, 1Gbit/s for fixed stations Spectrum used may require licence. Hardware is actually available.
White-Fi (802.11af)*** 2014 755-928Mhz 35.6 Mbit/s, 426.7Mbit/s with channel bonding –extremely variable Also known as “White-Fi”. Uses Licenced Spectrum. Also see 802.22
Wi-Fi HaLow (802.11ah)*** 2017 900Mhz 150 Kbit/s to 78 Mbit/s – extremely variable Also known an Wi-Fi HaLow. Some consumer products available, dubious legality
CMMW (802.11aj) 2018 45Ghz ~15 Gbit/s Mostly used in China, CMMW = Chinna Milimeter Wave
WiGig (802.11ay) 2021 57.24 to 70.20Ghz 277(?) Gbit/s - (When running with basically all of the spectrum dedicated to one link) Extension of ad
WiGig (802.11ad) 2012 57.24 to 70.20Ghz ~7 Gbit/s Used by Dell and Lenovo for a bit, hardware compatability & drivers may be rough
*** Also see LoRa, Zigbee, BLE, and Z-Wave
**** Max Rate is a bit hard to research here, so take these numbers with a grain of salt

Also note, WiFi generally uses the same 2.4Ghz spectrum as Bluetooth (IEEE 802.15.1) and Bluetooth Low Energy (BLE, not from an IEEE standard).

This is not all of the 802.11 standards. There’s a bunch of extensions/application specific cases like 802.11p for use in moving vechicals

SSIDs - Service Set Identifier #


Multiple Acccess Points, Repeaters, #

Security #

WEP, WPA(v2), EAP, TKIP, RADIUS, PEAP, LEAP —> Maybe redirect to security chapter

Not Using Wi-Fi #

Ethernet over power, wired tethering (USB)

Other Wireless Systems #

Satelite, geostationary & LEO

End to End Delay #

d_ECE = 2 (L/R)

where L = bits per packet, R = tx rate of link

Queuing Delay #

Hubs, Repeaters, Taps #

Carrier Pidgeon, Can, etc. #

Modems? #


Organize the information in the meduium into a packet, control who get’s that packet


Ethernet #

PPP - Point-to-Point Protocol #

Switch #

Bridge #

Frames #

VLAN - Virtual LAN #

3 - Network Layer/IP Layer #

Find paths though the mesh of links and forward the packets though it

Service Models #

Not guaranteed delivery, bounded delay, or throughput. Sorta sucks, but it’s cheap

Packets #

IPV4, IPV6 #

IPV6 is a total nightmare & Hacker News comments on this blog post (note, I don’t agree with everything here, just providing it as another person’s comments)

IPV4->6 Tunneling

Logical: [6] <-> [6] <- ——————- -> [6] <-> [6]

Physical: [6] <-> [6] <-> [4] <-> [4] <-> [6] <-> [6]

[TODO] ipv4 exhastion

It’s very reasonably to scan literally every IPv4 address. See A Census of Minecraft Servers or Harder Drive for examples of this being done.


ICMP - Internet Control Message Protocol #

IGMP - Internet Group Management Protocol #


Subnets #


Static and Dynamic Routes #

BGP - Boarder Gateway Protocol #

BGP is one of those things that you should basically never have to worry about, and if you do, it’s almost certainly because somebody else fucked up. That said, it does still matter. In 2021, a BGP mis-configuration took FaceBook down globally and in 2008 Pakistan used a BGP hijack to take down YouTube. But, uh, what is it.

Well, if you’ll allow me to follow the lead of the late Alaskan Senator Ted Stevens’ less-than-ideal analogy: “The Internet is a series of tubes!” and BGP is the logic that dictates where things get routed to go from one tube to the next, and tries to adapt to find the fastest, most efficient route when there are multiple available paths, but, while I could try to explain it, This article from Cloudflare will do a much better job than I ever could, so just, read that and come back here.

Hai, welcome back - so, okay, BGP is only something for the ISPs and big players, right? Well, no.

First of all, you might, occasionally want to check something isn’t taking a very stupid route, which means digging into BPG yourself. Julia Evans wrote a great blog post “Tools to explore BGP” that does a good job of showing how to poke around things. If you actually want to get hands on, you can use GNS3 to simulate a network, or join to try something more tangible.

There’s some fantastic other pages I recommend reading too. Most notably, EVE Online internet from is a really neat look at BGP and just a fun read!

BTW, Ben Cox blog has a ton of other really neat posts, like The Speed of BGP network propagation, BGP Stuck Routes, and Hacking Ethernet out of Fibre Channel cards

To finish things up, the Wikipedia article for BGP is quite nice as well, and does a really good job of explaining the more technical operation in plain english.

4 - Transport Layer #

Better reliability of the network by keeping packets in order, retransmitting lost packets, etc.

Multiplexing, Demultiplexing

Reliable data tx/rx - checksums

flow and congestion control

TCP - Transmission Control Protocol #

tcp header diagram

Multipath TCP

UDP - User Datagram Protocol #

QUIC - Quick UDP Internet Connections #


Raw #

A brief dive into FSMs #

Go-Back-N #

Selective Repeat #

Timeout and Retransmission from Estimated RTT #

5 - Session Layer #

Authentication #

Sockets #

API - Application Programming Interface #

NetBios - Network Basic Input/Output System #

PAP - #

RPC - Remote Procedure Call #

SMB - Server Message Block #

SOCKS - Socket Secure #

6 - Presentation Layer #

TLS - Transport Layer Security #

SSL - Secure Sockets Layer (Deprecated) #

IMAP - Internet Message Access Protocol #

7 - Application Layer #

HTTP(s) - Hypertext Transfer Protocol # (both images)

response codes - 200, 300’s, 400’s, etc.

In header lines

Host, user agent, accept-language, connection (keep-alive), …?



http1 vs 2 v 3

cookies because stateless


FTP - File Transfer Protocol #

still TCP, out-of-band, maintains state, passive v active mode

DNS - Domain Name Service #


Stop Using Rediculously Low DNS TTLs (Frank Denis)

record types

You Smart TV is probably ignoring your PiHole (LabZilla)

72% of Smart TVs, 46% of Consoles hardcode DNS Settings, (Hacker News Comments on article)

Bonjour / Zeroconf #

Occassionally, you may find things that want a name given to them by the local system. If two systems are running Bonjour / Zeroconf, then you can have a local name that should always point to the device. This is particularly handy for setting up devices like the Raspberry Pi Zero as a USB gadget and letting it show up as a network device on the system it’s plugged into- now it’ll have a local name. See Bonjour (Zeroconf) Networking for Windows and Linux (Adafruit).

DHCP - Dynamic Host Configuration Protocol #

Some texts will put this in Data or Network layer or Link Layer, it’s a bit ambiguous. It’s not -technically- necessary, much like DNS, but it’s used as a core part of the network in most networks. It does appear the RFC 2131 says it’s Link Layer, but it seems most people think it belongs in Application Layer.

SSH - Secure Shell #

IRC - Internet Relay Chat #


mail servers and useragents

UPNP - Universal Plug and Play #

NTP - Network Time Protocol #

Telnet #

NFS - Network File System #

Torrents #

Distributed Hash Tables

Time #

Real time clocks, timezones, utc, etc.

VPNs #

OpenVPN #

Wireguard #

Wireguard Quickstart page

Wireguard entry on the (Arch Wiki)

Tailscale #

Networking Tools #

Etherape #

Wireshark #

Enable Packet Diagram View

Nmap #

Scapy / Kamene #


(G)NS #

HTTPie #

HTTPie (Github) - human-friendly CLI HTTP client for the API era

Tunnels & VPN #

bore (Github) - a simple CLI tool for making tunnels to localhost

Further Reading #

What happens when… [Github] - An attempt to answer the age old interview question “What happens when you type into your browser and press enter?”

Ben Eater’s Networking Tutorial Series is pretty good:

Chapter 37.1 - Weird Networking, because why not! #

Weird URL Protocols (YouTube, ThioJoe)

cjdns + hyperboria




Beaker Browser

Bombadillo is a non-web browser, designed for a growing list of protocols operating outside of the web.

Software Defined Networking, ActivityPub

GreenTunnel - “GreenTunnel bypasses DPI (Deep Packet Inspection) systems found in many ISPs (Internet Service Providers) which block access to certain websites.”

File transfer via DNS

Alternative Internet (Github list)

Awesome Mesh (Github list)

List of tools in the BlackArch repo, meant mostly for security research, though obviously many of these are network related and so might give some inspiration or lead to interesting rabbit holes

Defcon channel (YouTube), DefCon is a security confrence, and naturally that means a lot of network security, including Including some on hacking sex toys

Why do we use the Linux Kernel’s TCP Stack (Julia Evans Blog)

A smol tcp stack (Github)

The Cost of CPU Networking on a Host (David Ahern’s Blog)

Encapsulation of TCP over UDP

WORST POSSIBLE quality on YouTube? (YouTube, FlyTech Videos)

‘Nerfnet’ tunnells TCP/IP over cheap NRF24L01 Radios (Hackaday, Tom Nardi)

RFC for 700 HTTP Status Codes (Github, Joho)

Fun with IP address parsing (David Anderson’s Blog)



[TODO] Add follow along making a network stack


Netcat - All you need to know

If you would like to support my development of OpGuides, please consider supporting me on GitHub Sponsors or dropping me some spare change on Venmo @vegadeftwing - every little bit helps ❤️